Fundamentals of Digital Item Fraud: Automation from the Other Side

In a previous post about physical item fraud tactics and patterns, we talked about how fraudsters deploy bots and scripting to create accounts and even to place orders on your marketplace. While this practice is used on all kinds of platforms and for all kinds of goods and services, in the digital goods sector – this approach is rampant.

In this blog, we’ll explain why this is true, and how you can combat digital item fraud successfully and in a cost-effective way. We’ll talk again about the need for a two-pronged machine learning (ML) and human intelligence approach.

Digital Item Fraud: What’s Included?

Digital goods might mean different things to businesses depending on how much they want to include in that bucket. In some areas, it’s straight forward. This could include gift cards, digital downloads for software, or games. But it also may include subscription-based services or even customer loyalty points/redemptions. For our purposes today, digital goods will refer to gift cards and digital content downloads. In a future post, we’ll get into the details about those other products.

If They Use it, You Lose it

Just like in all fraud, the how and why bad guys attempt digital item fraud purchases are nuanced. Their motivations are slightly different so their tactics will alter accordingly. Although the final goal is always to make money, sometimes this is slightly indirect with digital item fraud.

The fraudster may want to use stolen payment instruments (PIs) to purchase gift cards so they can sell those gift cards to a buyer. But they also may use gift cards right away on redemptions for physical goods that are then sold to a buyer.

The end result is still cash in the hands of the bad guy and losses for your business, but it’s important to understand that digital item fraud attacks are sometimes just the first part of the bad actor’s plan. Monetization may take a few more steps on their side.

Knowing this, and depending on backend controls on your digital items, you may miss fraud purchases initially, but if you’re fast enough and have a robust digital item fraud solution, you may be able to thwart those cash grabs from the bad guys later in the cycle of their process.

With gift cards, if you aren’t already building in the ability for your fraud team or ML system to block redemption post-purchase, then you should be doing everything you can to work with your company’s engineers to create this functionality.

Most of the time redemptions of gift cards happen quickly. Sometimes in seconds. But lots of bad actors don’t have the ability to do this. Yet. Sometimes there is a window between a digital item fraud purchase and the redemption of the item. Similarly, there could be a delay between the purchase and the resale and then the redemption. Using this to your advantage could make or break your defenses against digital item fraud.

Redemption Delays

You can achieve this in a few ways. One would be to enforce built-in delays for gift card redemptions. This is a controversial approach because many good customers are likely to redeem right away after a purchase. So, this has the potential to introduce customer friction into your system. There could be all manner of motivations for buying a gift card first, and then using that gift card to purchase a physical item.

The argument could be made that this is slightly more common for a fraudster than a good customer. Because of this, redemption delays are a possible blanket approach that allows your fraud team precious time to root out bad activity before it’s too late. But it’s not without potential impact elsewhere.

Redemption Blocks

Another approach, and one that should exist regardless of redemption delays, is the ability to block redemption of a gift card. This may sound like a simple and common process, but many businesses do not have the ability to complete this kind of action. Especially in their infancy. Sometimes the sale, illegitimate or legitimate, is final and once it’s complete, the redemption of a gift card can be completed by anyone who has the card or gift card code.

If this is how your system works, it is highly recommended that you work with your team to change that. Again, speed is of the essence with fraudsters, so redemptions typically happen quickly, but if there’s a chance to block a redemption after purchase that could save you additional losses of physical product (on top of the loss for the chargeback you’ll inevitably receive after the PI holder notices the gift card purchase) you could save thousands of dollars, or more, depending on the size of your marketplace.

Bots and Scripts: Why Automation Can Work Against the Bad Guys’ Intentions

Fraudsters may still go to great lengths to create cryptic and complicated ways to defraud your business on digital purchases. But because the cost of a piece of software or video game is typically much less expensive than the cost of a laptop or backyard grill, that means the fraudster makes less during resale. As a result, the bad guys are doing everything they can to streamline their digital item fraud processes to maximize profits and minimize time and effort. This often means using bots and scripting software throughout multiple portions of the purchase cycle.

In other posts about bad guy tactics, we’ve talked about the importance of proactive investigations. In particular, having a human intelligence team review accounts or transactions (or both) in bulk is extremely beneficial here. Because of fraudster automation, patterns emerge in droves in the digital sector.

If you’re a bad guy and you’ve got limited resources and time, using software to create mass lists of email accounts is an easy place to start. This kind of process is described at length all over the internet and it’s certainly not something exclusive to the dark web. A quick Google search for ‘bot software’ or ‘scripting bot’ could take you to a perfectly legitimate site like a forum or reddit where a person can find detailed steps on creating bots or using scripting software.

With this kind of information, fraudsters often create thousands of email accounts within seconds of one another. These will be the emails used to create accounts later on your eCommerce site. These emails could be on relatively obscure or outdated domains like freemail.com or they could be on far more popular domains like gmail.com or outlook.com.

Keep in mind that region or country plays a huge role here. In some places, certain mail domains are popular. In others, they’re almost unheard of. So, a new email domain in your system may not always be a bad sign.

If the script created a thousand email accounts, it had to follow a structure. Often a naming convention. This logic, part of the bot or script, is typically setup by the bad actor. Their goal is to create an ehandle that looks normal. One that is common. This is why investigators in this business often view something like firstnamelastname123@ as a reason to dig deeper in a review just as much as a regular user would think that email looks exactly like their own. Because fraudsters know what ehandles commonly look like, it’s difficult to rely on this alone to identify patterns in bulk. But it is a starting point.

Unless you work for a company that offers email services in addition to goods and services, you likely won’t have access to creation dates, timestamps, or other information associated with the email itself. If you do, this is a treasure trove of data that can be leveraged in a digital item fraud investigation. However, as long as your business is collecting similar data surrounding account creation and/or sign-up on your marketplace, patterns can form just as quickly.

A good human intelligence team can find those firstnamelastname123 emails quickly. They can filter and locate subgroups within that larger group with very similar timestamps or accounts from the same region, using the same bank, or PI type, etc. Proactive blocking of these mass-created accounts can happen quickly, often before a bad actor even has time to attempt a purchase.

Of course, fraudsters know that they’re being watched. So, a good human intelligence team will notice slight changes in the pattern of suspect and similar account setups over time. Perhaps the ehandle becomes LastName321@ or suddenly a proxy IP makes the account, at first glance, look like it’s coming from a place not currently associated with the previous or known fraud patterns.

One Size Doesn’t Fit All

Not all digital item fraud is going to come in the form of bot-created accounts making purchase attempts in rapid succession. Just like with other fraud types, you’ll see individuals attempting just a few purchases here and there. You’ll see nuanced approach. You’ll see transactions with associated data that has all sorts of mismatches and inconsistencies.

As always, your human intelligence team will have to dig deep to find the last puzzle piece before deciding to pass or reject. Unfortunately, there’s no catch all here. A good digital item fraud defense involves the same kinds of mixed approaches as you’re deploying elsewhere. This includes individual manual review, ML models, and bulk investigation.

This is the nature of the beast in fraud. It’s a constant game of action and reaction. It’s cat and mouse. It’s important to understand however, that a good human intelligence team can sniff out the slight changes in bad actor activity, and your ML system can maintain blocks on previously identified patterns just in case the bad guys repeat an attack type.

There are many ways to set up and maintain a digital item fraud mitigation strategy for your online business. But as you’ll come to see after reading this blog series, we’ll continually state that it’s this combo approach that proves most effective in ensuring secure and safe transactions for your customers regardless of the item or service being sold.